Java Card 2.2.2: temporary RSA public key as transient
I'm designing a Java Card (2.2.2 thus Classic) applet that will, at each use, receive an RSA public key (validated using means immaterial to the question), then use that RSA public key to verify an RSA signature.
How can I keep that RSA public key in RAM (rather than writing it in EEPROM/Flash), for performance and device lifetime reasons?
My problem is, in javacard.security.KeyBuilder of JC 2.2.2, the buildKey(byte keyType, short keyLength, boolean keyEncryption) API does not seem to have an option to specify transient memory; I see neither
- keyType combining TYPE_RSA_PUBLIC and transient, as we have with TYPE_DES_TRANSIENT_DESELECT;
- TYPE_RSA_PRIVATE_TRANSIENT_DESELECT which conceivably could be abused into a public key (on platforms with no test for the size of d), for this is a novelty of Java Card Classic 3;
- buildKey(byte algorithmicKeyType, byte keyMemoryType, short keyLength, boolean keyEncryption) with a keyMemoryType parameter, which also is a novelty of Java Card Classic 3.
Would bracketing all changes and uses of my RSA public key with beginTransaction() and abortTransaction() achieve my goal?
I have been dealing with exactly the same problem and had to use persistent memory and wear leveling (which worked).
Even had the same idea with beginTransaction() / abortTransaction(), but was told by the card manufacturer that this won't work (They said it would make things even worse regarding EEPROM lifetime). YMMV.
Some remarks:
- The performance was sufficient for the given use case (which surprised me).
- Card lifetime can be estimated quite well (given you know how many re-write cycles the persistent memory has, its block size, the frequency of different public key uses and wear leveling overhead).
- Consider wear leveling both RSAPublicKey and Cipher objects together.
- Use as much memory for the object pool as you can.
- There may be some vendor specific API which allows RSA computation (in our case there was no such possibility).
Good luck!
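A sketch of the object-pool wear leveling described in the answer above, using only Java Card 2.2.2 APIs; this is an added example, not code from the original posts. The class name, package, the choice of Signature (the question verifies signatures, where the answer mentions Cipher) and the ALG_RSA_SHA_PKCS1 scheme are assumptions. It also assumes that the platform stores each pooled object in its own persistent pages and that RandomData does not itself write persistent state.

```java
package example.keypool; // hypothetical package name

import javacard.framework.JCSystem;
import javacard.security.KeyBuilder;
import javacard.security.RSAPublicKey;
import javacard.security.RandomData;
import javacard.security.Signature;

/** Spreads per-use RSA public key writes over a pool of persistent key/verifier pairs. */
public class RsaVerifierPool {
    private static final short CURSOR = 0; // index of the next slot to use
    private static final short SEEDED = 1; // 0 until the cursor is randomised after a reset

    private final RSAPublicKey[] keys;
    private final Signature[] verifiers;
    private final RandomData rng;
    private final byte[] state; // CLEAR_ON_RESET RAM: advancing the cursor writes no EEPROM

    /** Allocate everything once, from the applet constructor; poolSize must be 1..127. */
    public RsaVerifierPool(short poolSize, short keyBits) {
        keys = new RSAPublicKey[poolSize];
        verifiers = new Signature[poolSize];
        for (short i = 0; i < poolSize; i++) {
            keys[i] = (RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, keyBits, false);
            verifiers[i] = Signature.getInstance(Signature.ALG_RSA_SHA_PKCS1, false);
        }
        rng = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
        state = JCSystem.makeTransientByteArray((short) 2, JCSystem.CLEAR_ON_RESET);
    }

    /** Loads the received key into the next slot and verifies sig over msg with it. */
    public boolean verify(byte[] mod, short modOff, short modLen,
                          byte[] exp, short expOff, short expLen,
                          byte[] msg, short msgOff, short msgLen,
                          byte[] sig, short sigOff, short sigLen) {
        if (state[SEEDED] == 0) {
            // First use since reset: start at a random slot, otherwise a card that
            // is reset before every use would always wear slot 0.
            rng.generateData(state, CURSOR, (short) 1);
            state[SEEDED] = 1;
        }
        short slot = (short) ((short) (state[CURSOR] & 0x7F) % (short) keys.length);
        state[CURSOR] = (byte) (slot + 1);
        keys[slot].setModulus(mod, modOff, modLen);
        keys[slot].setExponent(exp, expOff, expLen);
        verifiers[slot].init(keys[slot], Signature.MODE_VERIFY);
        return verifiers[slot].verify(msg, msgOff, msgLen, sig, sigOff, sigLen);
    }
}
```

With a pool of N pairs, each pair receives roughly 1/N of the key writes, which is the factor to plug into the lifetime estimate from the remarks above.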